OpenVPN / openvpn

OpenVPN is an open source VPN daemon
http://openvpn.net
Other
10.93k stars 3.01k forks source link

OpenVPN Client (OpenVPN GUI) only works with administrator rights #629

Open roswitina opened 2 weeks ago

roswitina commented 2 weeks ago

I am currently using Windows 11 23H2 (Build 22631.4317) and have installed OpenVPN-2.6.12-I002-amd64. The OpenVPN GUI is loaded and the configurations are displayed. When I now start a configuration, I get the following error message in the log and the connection is cancelled.

2024-10-20 16:17:22 TCP/UDP: Preserving recently used remote address: [AF_INET]1.2.3.4:1194
2024-10-20 16:17:22 CreateFile failed on ovpn-dco device: \\?\ROOT#NET#0002#{cac88484-7515-4c03-82e6-71a87abac361}\ovpn-dco: access denied (errno=5)
2024-10-20 16:17:22 MANAGEMENT: Client disconnected
2024-10-20 16:17:22 All ovpn-dco adapters on this system are currently in use or disabled.
2024-10-20 16:17:22 Exiting due to fatal error

I remember that some time ago you had to start the OpenVPN client (GUI) with administrator rights for it to work, but I think that this was no longer necessary some time ago.

So I started the OpenVPN GUI with administrator rights and the connection setup worked again.

Am I wrong here and have I always had to start with administrator rights, or is there something wrong with my system? Where can I start?

selvanair commented 2 weeks ago

Am I wrong here and have I always had to start with administrator rights, or is there something wrong with my system? Where can I start?

No, its not advisable nor required to run OpenVPN-GUI as administrator. Could you check whether OpenVPNServiceInteractive is running? It should be running for the GUI to work correctly. This service is installed and started by default, unless you manually disabled it. Please check.

lstipakov commented 2 weeks ago

We've have seen some similar reports. Unfortunately I don't have a clear steps to reproduce and a solution for this problem. Apparently there is something on machine which triggers this behavior. It has been reported that when running msiexec /i OpenVPN-2.6.12-I002-amd64.msi under elevated privileges, the issue doesn't reproduce. Also you might want to add disable-dco and see if it works while we're investigating it.

roswitina commented 2 weeks ago

Am I wrong here and have I always had to start with administrator rights, or is there something wrong with my system? Where can I start?

No, its not advisable nor required to run OpenVPN-GUI as administrator. Could you check whether OpenVPNServiceInteractive is running? It should be running for the GUI to work correctly. This service is installed and started by default, unless you manually disabled it. Please check.

both services are running (OpenVPNServiceInteractive, OpenVPNService)

selvanair commented 2 weeks ago

both services are running (OpenVPNServiceInteractive, OpenVPNService)

Thanks for checking. I was not aware of the issue @lstipakov mentioned above. Try reinstalling from an elevated command prompt.

roswitina commented 2 weeks ago

We've have seen some similar reports. Unfortunately I don't have a clear steps to reproduce and a solution for this problem. Apparently there is something on machine which triggers this behavior. It has been reported that when running msiexec /i OpenVPN-2.6.12-I002-amd64.msi under elevated privileges, the issue doesn't reproduce. Also you might want to add disable-dco and see if it works while we're investigating it.

I have run msiexec /i OpenVPN-2.6.12-I002-amd64.msi in a console with administrator rights. Everything worked immediately after the installation. However, after logging out and logging in again, it no longer worked. In addition, I was only able to install the OpenVPN-2.6.12-I001-amd64.msi version. I was unable to download the OpenVPN-2.6.12-I002-amd64.msi version.

I also use the entry windows-driver wintun in my conf file. The following settings worked

worked

#OpenVPN Client conf
disable-dco
#windows-driver wintun
tls-client
client
...

does not work

#OpenVPN Client conf
#disable-dco
#windows-driver wintun
tls-client
client
...

does not work

#OpenVPN Client conf
disable-dco
windows-driver wintun
tls-client
client
...

does not work

#OpenVPN Client conf
#disable-dco
windows-driver wintun
tls-client
client
...

When I start the OpenVPn GUI with admin rights, all configurations work.

lstipakov commented 2 weeks ago

Obviously installing from elevated prompt cannot be considered as a fix and should not matter. Something is going on with access control which we do not fully understand.